The firm Cogmotive has discovered a potentially critical persistent cross-site scripting (XSS) vulnerability in Office 365, the cloud version of Office. Successful exploitation allows an attacker to take control of the administrator account.

To exploit this vulnerability, the attacker has to be one of the users. A malicious employee can change their own display name to an XSS vector.

For instance, an attacker can modify his display name to the following script:

An information security researcher, Sukhwinder Singh, has identified a critical security flaw in one of the top support ticket systems, provided by Zendesk.

The title field is vulnerable to persistent cross-site scripting. The researcher managed to create a ticket with this title: "><script>alert(/Sukhwinder Singh/)</script>.

Although the developer of this app sanitized the title before displaying it to the user, the title was stored in the database without sanitizing.

The title is sanitized every time it is displayed in the page. Unfortunately, they failed to remove the special characters before displaying the title in the data-text attribute of the Twitter_button code.
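
The pattern described above, where the stored title is escaped in the page body but not in the data-text attribute, shown as an added example (not Zendesk's code; the function names and markup are assumptions). It renders the title quoted in the report both ways and checks whether the raw stored value reaches the markup:

```javascript
// Added example: hypothetical names and markup, not Zendesk's code.

// Escape the characters that matter in HTML text and in quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Pattern from the report: the heading is escaped, the data-text sink is not.
function renderTicketMissedSink(title) {
  return `<h1>${escapeHtml(title)}</h1>\n` +
         `<a class="twitter-share-button" data-text="${title}">Tweet</a>`;
}

// Hardened: every sink that receives the stored title is encoded.
function renderTicketHardened(title) {
  const safe = escapeHtml(title);
  return `<h1>${safe}</h1>\n` +
         `<a class="twitter-share-button" data-text="${safe}">Tweet</a>`;
}

// Regression check: a stored value containing markup characters must never
// appear verbatim in the rendered page.
function leaksRawValue(markup, stored) {
  return /[<>"']/.test(stored) && markup.includes(stored);
}

// Title string quoted in the report above, used as the stored value.
const storedTitle = '"><script>alert(/Sukhwinder Singh/)</script>';

console.log('missed sink leaks raw title:',
  leaksRawValue(renderTicketMissedSink(storedTitle), storedTitle));
console.log('hardened render leaks raw title:',
  leaksRawValue(renderTicketHardened(storedTitle), storedTitle));
```

A check like leaksRawValue can run in a template test suite against every view that prints a stored field, so a newly added sink without encoding fails the build.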

The vulnerability affects the "Manage Widget" page of ShareCash. The XSS vulnerability was found to be a stored one.

Stored XSS Vulnerability

Stored XSS is critical since the script is stored on the server and executed every time a user visits the affected page.

In an email sent to EHN, the researcher provided a screenshot of the proof of concept. From the PoC, I came to know that the "Widget Name" is vulnerable to an XSS attack. It seems the developer failed to validate the input.

Rafay claimed that he sent more than 10 emails to ShareCash to notify them about the vulnerability, but they failed to respond.

A security researcher, Frans Rosén, has discovered a cross-site scripting vulnerability in Facebook and Dropbox.

Initially, the researcher was working on finding security flaws in Dropbox. He noticed that the web interface restricted which filenames were allowed. He tried to rename a file to '"><img src=x onerror=alert(document.domain)>.txt, but he got an error message that some special characters are not allowed.

"But, if you instead, connected a local directory, created a file there and synced it, you got it inside Dropbox without any problems," the researcher explained in his blog. "Using this method I was able to find two issues with their notification messages showing unescaped filenames."

He notified Dropbox about the vulnerability, and they have successfully patched the flaw.

After some time, he noticed that there is a connection between Dropbox and Facebook: you can add files directly from Dropbox to your Facebook groups. So he was curious to test the vulnerability on Facebook as well.

In his Facebook group, he tried to add the file previously uploaded to Dropbox. After he posted it in the group, the XSS attack didn't work. But when he clicked the 'Share' link in the post, he got the alert message: he had successfully managed to run the script on Facebook. The XSS also worked when he shared the crafted pin from Pinterest.

According to his research, it is possible to embed JavaScript and some other HTML tags in certain Tumblr post types (e.g. video posts).

The vulnerability can be used for launching phishing attacks. For instance, it would be quite easy to ask for input from the user in various ways. User input could be stored on the attacker's server. The attacker could push malicious files from his/her server to Tumblr users.

"Attacker could create several Tumblr accounts and start blogging viral or popular videos using well chosen tags. Trust and popularity could be increased by using other accounts for reblogging video posts." The researcher described one possible attack scenario.

"Once the 'attack blog' would have enough followers, attacker could create a malicious post again with carefully selected tags. If the followers would reblog a malicious post, the spreading of payload would start."

The Vulnerability Laboratory Research Team discovered a persistent input validation vulnerability in the official PayPal ecommerce website content management system.

The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent). The persistent vulnerability is located in the Artikel pro Seite listing module with the bound vulnerable filterVal1 parameter.